
Nasty_metachars issue in NRPE 4.0.3

Posted: Mon Jul 20, 2020 1:47 pm
by mohan23
Hi Team,

Recently we upgraded NRPE on all our client RHEL 7 servers, and we are seeing an illegal metachars issue for NRPE on the client servers.

Jul 20 18:28:22 host-001 nrpe[47299]: Error: Request contained illegal metachars!
Jul 20 18:28:22 host-001 nrpe[47299]: Client request from nagioshost was invalid, bailing out...
Jul 20 18:28:23 host-001 nrpe[47302]: Error: Request contained illegal metachars!
Jul 20 18:28:23 host-001 nrpe[47302]: Client request from nagioshost was invalid, bailing out...

But as per the GitHub changelog below from Nagios Enterprises, it says "Fixed nasty_metachars not being read from config file (#235) (Sebastian Wolf)"

https://github.com/NagiosEnterprises/nr ... ANGELOG.md

Below is the command and argument I'm running from the Nagios server and the error message I'm getting:

/usr/lib64/nagios/plugins/check_nrpe -u -t 60 -H host -c check_procs_args -a '-c 1: -C java --ereg-argument-array="-Dcatalina\.(home|base)=/srv/solrSlaveTcSrv"'
CHECK_NRPE: Receive header underflow - only 0 bytes received (4 expected).

Below is the option I'm adding in nrpe.cfg for overriding nasty_metachars:

nasty_metachars="|`&><'\\[]{};\r\n"

Can you let me know if overriding nasty_metachars is really fixed in the 4.0.3 version of the NRPE agent?

Appreciate quick help on this.

Re: Nasty_metachars issue in NRPE 4.0.3

Posted: Mon Jul 20, 2020 3:10 pm
by scottwilkerson
Your arguments contain the pipe |, which is in the nasty_metachars list, so the request is discarded.

Re: Nasty_metachars issue in NRPE 4.0.3

Posted: Mon Jul 20, 2020 6:47 pm
by mohan23
Yes, but I want to override this by adding a nasty_metachars entry in nrpe.cfg. Even the bug fix in the latest NRPE version says the same, that we can override illegal metachars by adding an entry with nasty_metachars="|`&><'\\[]{};\r\n" in nrpe.cfg.

Re: Nasty_metachars issue in NRPE 4.0.3

Posted: Mon Jul 20, 2020 6:58 pm
by mohan23
The request gets rejected even without the pipe symbol. I tried running the same command as below without the | symbol, and it gives the error message saying illegal metachars.

[root@nagioshost /]# /usr/lib64/nagios/plugins/check_nrpe -u -t 60 -H host -c check_procs_args -a '-c 1: -C java --ereg-argument-array="-Dcatalina.(home,base)=/srv/solrSlaveTcSrv"'
CHECK_NRPE: Receive header underflow - only 0 bytes received (4 expected).


Jul 20 23:56:54 host nrpe[9389]: Error: Request contained illegal metachars!
Jul 20 23:56:54 host nrpe[9389]: Client request from nagioshost was invalid, bailing out...
Jul 20 23:56:54 host nrpe[9391]: Error: Request contained illegal metachars!
Jul 20 23:56:54 host nrpe[9391]: Client request from nagioshost was invalid, bailing out...

Even the security.md that you provided says I can override by adding this flag:

Nasty Metacharacters
To help prevent some nasty things from being done by evil clients, the following metacharacters are not allowed in client command arguments:

| ` & > < ' \ [ ] { } ; ! \r \n
You can override these defaults by adjusting the nasty_metachars flag in the config file.

Any client request which contains the above mentioned metachars is discarded.

Re: Nasty_metachars issue in NRPE 4.0.3

Posted: Tue Jul 21, 2020 8:01 am
by scottwilkerson
I also noticed you have this:

nasty_metachars="|`&><'\\[]{};\r\n"

Being that you have " in this field, the double quote would be considered a nasty metachar.

Try

nasty_metachars=|`&><'\\[]{};\r\n

then restart NRPE.

Re: Nasty_metachars issue in NRPE 4.0.3

Posted: Tue Jul 21, 2020 1:21 pm
by mohan23
Hi Scott,

Thank you for your reply. I tried adding the nasty_metachars entry like you suggested, and I'm still getting the issue with the \ and | symbols.

[root@nagios /]# /usr/lib64/nagios/plugins/check_nrpe -u -t 60 -H host -c check_procs_args -a '-c 1: -C java --ereg-argument-array="-Dcatalina\.(home|base)=/srv/solrSlaveTcSrv"'
CHECK_NRPE: Receive header underflow - only 0 bytes received (4 expected).

On the client machine, I'm still seeing logs with illegal characters:
Jul 21 18:15:17 host nrpe[68915]: Error: Request contained illegal metachars!
Jul 21 18:15:17 host nrpe[68915]: Client request from nagios was invalid, bailing out...


Can you please suggest what else I am missing here?

Re: Nasty_metachars issue in NRPE 4.0.3

Posted: Tue Jul 21, 2020 2:20 pm
by scottwilkerson
Yes, if you wanted to allow the | and \ you would need to change this to:

nasty_metachars=`&><'[]{};\r\n

removing the | and \\

I do want to note that allowing these chars in arguments does pose a risk of unintended command execution, and it may be best to hard-code these special commands and not pass arguments for them.
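
Added example, not part of the thread and not NRPE's own source: a simplified C model of the filter discussed above, run against the three nasty_metachars values and the two check_nrpe arguments quoted in the posts, to show which listed characters cause each rejection. The function names decode_metachars and nasty_hits are hypothetical, and the model assumes the config value is taken literally (double quotes included, as the reply above states) with \\, \r and \n decoded.

```c
#include <stdio.h>
#include <string.h>
/* Values copied from the posts above, with C string escaping added. */
const char *CFG_QUOTED   = "\"|`&><'\\\\[]{};\\r\\n\"";
const char *CFG_UNQUOTED = "|`&><'\\\\[]{};\\r\\n";
const char *CFG_RELAXED  = "`&><'[]{};\\r\\n";
const char *ARG_REGEX = "-c 1: -C java --ereg-argument-array=\"-Dcatalina\\.(home|base)=/srv/solrSlaveTcSrv\"";
const char *ARG_PLAIN = "-c 1: -C java --ereg-argument-array=\"-Dcatalina.(home,base)=/srv/solrSlaveTcSrv\"";

/* Assumed model: the escapes for backslash, CR and LF are decoded; every
 * other byte of the config value, a double quote included, stays literal. */
static void decode_metachars(const char *cfg, char *out, size_t outlen)
{
    size_t j = 0;
    for (size_t i = 0; cfg[i] != '\0' && j + 1 < outlen; i++) {
        char c = cfg[i];
        if (c == '\\' && cfg[i + 1] != '\0') {
            char e = cfg[++i];
            c = (e == 'n') ? '\n' : (e == 'r') ? '\r' : e;
        }
        out[j++] = c;
    }
    out[j] = '\0';
}

/* Collect each distinct listed character found in arg into hits and
 * return the count; 0 means the argument passes this filter. */
int nasty_hits(const char *cfg, const char *arg, char *hits, size_t hitslen)
{
    char nasty[128];
    size_t n = 0;
    decode_metachars(cfg, nasty, sizeof nasty);
    for (const char *p = arg; *p != '\0' && n + 1 < hitslen; p++)
        if (strchr(nasty, *p) != NULL && memchr(hits, *p, n) == NULL)
            hits[n++] = *p;
    hits[n] = '\0';
    return (int)n;
}

int main(void)
{
    const char *cfgs[] = { CFG_QUOTED, CFG_UNQUOTED, CFG_RELAXED };
    char hits[16];
    for (int i = 0; i < 3; i++) {
        int n = nasty_hits(cfgs[i], ARG_REGEX, hits, sizeof hits);
        printf("config %d: %d listed char(s) in argument: %s\n", i + 1, n, hits);
    }
    return 0;
}
```

Under this model the quoted value rejects even the argument without | and \ because of its double quotes, while the final value accepts the original argument at the cost of letting | and \ through to the command line.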